Infosec bits for 2024 week 25

Kgwadi Matenche | June 21, 2024, 3:47 p.m.

Cybersecurity News:

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites [Bill Toulas, Bleeping Computer]

Threat Actors Are Now Using Fake Google Chrome, Microsoft Word, and OneDrive to Target Users [Krishi Chowdhary, The Tech Report]

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining [Newsroom, The Hacker News]

Vulnerabilities & Patches:

SolarWinds Serv-U path traversal flaw actively exploited in attacks [Bill Toulas, Bleeping Computer]

Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira [Ionut Arghire, SecurityWeek]

VMware fixes critical vCenter RCE vulnerability, patch now [Bill Toulas, Bleeping Computer]

Malware:

Fickle Stealer Distributed via Multiple Attack Chain [Pei Han Liao, Fortinet FortiGuard Labs]

Breaches & Leaks:

Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach [Waqas, Hackread]

LA County Dept. of Public Health Data Breach Impacts 200K [Dark Reading Staff, Dark Reading]

Others:

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto [Lawrence Abrams, Bleeping Computer]

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying [Newsroom, The Hacker News]